MIM 2016 SP1 – Service and Portal Installation Guide

This document is intended to be used as an operational build document for the Microsoft Identity Manager (MIM) 2016 Service and Portal Server installation. This guide does not cover the installation of the Password Registration and Password Reset Portals. Those installations are covered in detail in separate blog posts.

Using this Guide:

You may perform search and replace on the variables listed below to create a detailed build guide customized for your environment.

Document Variables:

| Description | Search and Replace Variable |
| --- | --- |
| Full Domain Name (ex. Contoso.com) | [FQDOMAIN] |
| Common name of the domain (ex. Contoso) | [DOMAIN] |
| Common name of the SQL Server (ex. SQL01) | [SQL SERVER] |
| Common name of the MIM Service and Portal SQL Instance (ex. Service) | [SQL INSTANCE] |
| Common name of the MIM Synchronization Server (ex. SyncServer01) | [MIM SYNC SERVER] |
| Common name of the first MIM Service and Portal Server (ex. Portal01) | [MIM SERVER 1] |
| Common name of the second MIM Service and Portal Server (ex. Portal02) | [MIM SERVER 2] |
| Common name of the MIM Installation Service Account (ex. MIMInstall) | [INSTALL ACCOUNT] |
| Common name of the MIM MA Service Account (ex. MIMMA) | [MIM MA SERVICE ACCOUNT] |
| Common name of the MIM Service Account (ex. MIMService) | [MIM SERVICE ACCOUNT] |
| Full email address of the MIM Service Account (ex. MIM.Service@contoso.com) | [MIM SERVICE EMAIL] |
| Common name of the MIM Password Registration service account (ex. MIMPwdReg). When performing a search and replace on document variables, replace this variable with a space to clear the variable value in the documentation. | [MIM PWD REG ACCOUNT] |
| Common name of the MIM Password Reset service account (ex. MIMPwdRst). When performing a search and replace on document variables, replace this variable with a space to clear the variable value in the documentation. | [MIM PWD RST ACCOUNT] |
| When performing a search and replace on document variables, replace this variable with a space to clear the variable value in the documentation. | [MIM PRP URL] |

Requirements:

MIM Portal Server Requirements:

Two Windows 2012 R2 virtual servers are required for this effort. These serve as the primary servers in the Test environment. Each should have a minimum of 4 CPUs and 32 GB of RAM. The two servers should have the following disk allocations:

Under Identity Manager Service and Portal, select Install Service and Portal.

Select Run.

If prompted, select Yes to allow the program to make changes to the computer.

On the Welcome to the Microsoft Identity Manager Service and Portal Setup Wizard page, select Next.

On the End-User License Agreement page, review the license agreement and accept it to continue the installation, then select Next.

On the MIM Customer Experience Improvement Program page, choose your participation option and select Next.

On the Custom Setup page:

MIM Reporting and Privileged Access Management:

By default, the MIM Reporting and Privileged Access Management features are not installed. Under MIM Service, the MIM Reporting and Privileged Access Management options are deselected, with a red X appearing next to these optional features.

Should you choose to install these features, additional documentation on the installation of these features can be located online.

Password Registration and Reset:

Conversely, Password Registration and Reset are installed by default. Should you choose not to install these features, or if these features will be installed on a separate system, the following actions may be taken to prevent the installation of these features.

On the Configure Common Services – Configure MIM Service and Portal Synchronization page

Enter the following information:

Synchronization Server: [MIM SYNC SERVER]

MIM Management Agent Account: [DOMAIN]\[MIM MA SERVICE ACCOUNT]

Select Next

You may receive a warning message:

The MIM synchronization server you have entered does not exist or is not running. Click ‘Back’ to enter a different server name. If you plan to install the MIM synchronization service on the ‘[MIM SYNC SERVER]’ later, click ‘Next’ to accept the configuration and continue. Refer to the installation guide for instructions on how to change this information post deployment.

Verify the server name is correct.

If it is not correct, select Back and correct the name.

Once the server name is verified to be correct, you may still receive this message.

Select Next to continue.

On the Configure Common Services – Configure Connection with MIM Service page

MIM Service Server Address: [MIM SERVER 1] or [MIM SERVER 2]

Select Next

On the Configure Common Services – Configure Connection with MIM Service page

SharePoint Site Collection URL: http://FIMPortal

Select Next

On the Configure Common Services – Configure Optional Portal Home Page Configuration page

Registration Portal URL: [MIM PRP URL]

Select Next

Note: This should be left empty if this feature is not implemented.

On the Configure Common Services – Configure Security Changes Configured by Setup page

Select Open ports 5725 and 5726 in the Portal

Select Grant Authenticated Users Access to MIM Portal Site

Select Next

On the Enter Information for MIM Password Portals page

If applicable, select MIM Password Registration Portal will be installed on another host.

Account Name: [DOMAIN]\[MIM PWD REG ACCOUNT]

If applicable, select MIM Password Reset Portal will be installed on another host

Account Name: [DOMAIN]\[MIM PWD RST ACCOUNT]

Select Next

On the Install Microsoft Identity Manager Service and Portal page

Select Install

Please be patient, as the installation may take some time to complete while opening and closing command windows and at times giving the appearance that no actions are occurring.
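Once the installer finishes, the firewall change selected on the Security Changes Configured by Setup page (ports 5725 and 5726) can be checked from PowerShell. The script below is an added example, not part of the original guide or of Microsoft's installer; the variable names are hypothetical, the server names are this guide's placeholders, and it assumes an elevated session on each MIM Service and Portal server running Windows Server 2012 R2 or later.

```powershell
# Added example: post-install check of the ports opened by MIM setup.
# Replace the placeholders with the values used for [MIM SERVER 1] and [MIM SERVER 2].
$mimServers = @('[MIM SERVER 1]', '[MIM SERVER 2]')
$mimPorts   = @(5725, 5726)   # ports named on the Security Changes page

# 1. Reachability: each MIM Service server should accept TCP connections on both ports.
$reachability = foreach ($server in $mimServers) {
    foreach ($port in $mimPorts) {
        $result = Test-NetConnection -ComputerName $server -Port $port -WarningAction SilentlyContinue
        [pscustomobject]@{
            Server    = $server
            Port      = $port
            Reachable = $result.TcpTestSucceeded
        }
    }
}
$reachability | Format-Table -AutoSize

# 2. Local firewall: list enabled inbound allow rules that name 5725 or 5726,
#    together with the remote addresses each rule accepts.
#    Rules that cover the ports only through a range (e.g. "5000-6000") are not matched here.
$rules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        $rule       = $_
        $portFilter = $rule | Get-NetFirewallPortFilter
        $covered    = $mimPorts | Where-Object { $portFilter.LocalPort -contains "$_" }
        if ($portFilter.Protocol -eq 'TCP' -and $covered) {
            $addrFilter = $rule | Get-NetFirewallAddressFilter
            [pscustomobject]@{
                Rule          = $rule.DisplayName
                Profile       = $rule.Profile
                LocalPort     = $portFilter.LocalPort -join ','
                RemoteAddress = $addrFilter.RemoteAddress -join ','
            }
        }
    }
$rules | Format-Table -AutoSize -Wrap

# 3. Flag rules open to any source so they can be scoped to the hosts that need them
#    (for example the portal servers and [MIM SYNC SERVER]).
$rules | Where-Object { $_.RemoteAddress -eq 'Any' } | ForEach-Object {
    Write-Warning "Rule '$($_.Rule)' allows ports $($_.LocalPort) from any remote address."
}
```

A port that shows as unreachable while a matching rule is listed usually points to the service not running or to a network firewall between the hosts rather than to the local rule.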

On the Completed Microsoft Identity Manager Service and Portal Setup Wizard page,

The Microsoft Identity Manager Workflow Activities Libraries (MIMWAL) is a Microsoft-maintained open-source library that extends the functionality of MIM. Repeat the following steps on all MIM Service and MIM Portal Servers.